Programming interface for licensing

ABSTRACT

A software licensing Application Programming Interface (API) that allows software products to use the license management functionality of a common service. A license specifies rights in a software product. The software product calls a consume method on the API in order to consume a right. If the right exists, the service binds the right to the license in which the right is found. The software product enforces the terms of the license by granting, or denying, access to some or all features depending on whether a valid instance of the right is found. Arbitrary data can be associated with a right. The API includes a method to retrieve data from a right that has been previously bound by the consume method.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application is a continuation of U.S. patent application Ser. No.10/692,868, filed Oct. 24, 2003, entitled “PROGRAMMING INTERFACE FORLICENSING,” (Atty. Dkt. No. 305442-US-NP). The entirety of thisafore-mentioned application is incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates generally to the field of computersoftware, and, more particularly, to a programming interface thatsupports the enforcement of electronic licenses.

BACKGROUND OF THE INVENTION

Commercially-produced software has traditionally been made availableunder a license that defines the permissible terms of the software'suse. When the practice of software licensing first began, the licensegenerally took the form of a legal document that defined the user'srights with respect to the software. Such a document relied upon thelegal system for enforcement. It has since become desirable for licensesto be enforced electronically—i.e., it is desirable that a computerprogram contain code that actively discourages or prevents use of thesoftware in a manner that is contrary to the license.

Most software that provides for electronic license enforcement providesits own infrastructure to manage the licensing of the software and theuse of the licenses. Thus, a typical commercial software product mayinclude not only the code to perform the product's core function, butmay also carry with it the code to obtain, evaluate, protect, and managelicenses for the software. For each software vendor to develop andincorporate this infrastructure into its software is often a wastefulduplication of effort. It is therefore desirable to provide a systemthat performs the basic functions related to software licensing, wherethe system can be used by a broad variety of software applications in auniform and defined way.

In view of the foregoing, there is a need for a mechanism that overcomesthe drawbacks of the prior art.

SUMMARY OF THE INVENTION

The present invention provides a software licensing ApplicationProgramming Interface (API) that provides certain licensing functionsfor use by software products. A license service performs functionsrelating to the use of licenses, and exposes these functions to softwareproducts through the API. The service performs functions such asobtaining licenses, storing and managing licenses, protecting licensesfrom tampering, evaluating a license's validity, and evaluating whethera license is correctly bound to the machine and/or software product onwhich it is used. The software is able to make use of this functionalityby calling the methods of the API.

In a typical use of the API, a software product calls an “open” APImethod in order to obtain a unique handle that is used by the licenseservice to identify the application. The software product then calls a“consume right” API method. “Consume,” in this context, means theexercise of a specified right. The call to the “consume right” method isparameterized by the software product's handle, and by the name of theright to be consumed. The license service then attempts to locate one ormore valid, correctly bound licenses that contains the named right. Ifno such license exists, then the software product is notified of thefailure. If such licenses exist, then the right is bound to one of thelicenses, and the calling software product is notified of the binding.In such a case, the software product knows that the right exists, andcan perform whatever functions are associated with this right.

In a preferred embodiment, the license service does not define what thesoftware can or cannot do under the right, or enforce substantiveconstraints on the use of the software. Rather, the license servicemanages the licenses in such a way that a software product can determineby calling the API whether a right does, or does not, exist, so that thesoftware can behave accordingly. For example, a right may be called“run,” indicating that the user has the right to run the softwareproduct. The software product can use the API to determine whether thereis a valid (and correctly bound, and non-expired) right to run thesoftware. However, if the API call returns with an indication that thereis no right to run the software, it is up to the software to ceaseoperation or take some other action based on the non-existence of thisright.

A right may be associated with information, which becomes availableafter a successful call to the “consume right” method. For example, agiven software product may have individual rules about when it ispermissible to edit, print, save, etc., and these rules can be stored inthe license that contains the right. The API provides a “getinformation” method that allows this information to be retrieved fromthe license.

Other features of the invention are described below.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing summary, as well as the following detailed description ofpreferred embodiments, is better understood when read in conjunctionwith the appended drawings. For the purpose of illustrating theinvention, there is shown in the drawings exemplary constructions of theinvention; however, the invention is not limited to the specific methodsand instrumentalities disclosed. In the drawings:

FIG. 1 is a block diagram of an example computing environment in whichaspects of the invention may be implemented;

FIG. 2 is a block diagram of an architecture in which a system performslicensing functions and exposes an API for use by software products;

FIG. 3 is a flow diagram of a method through which a software productuses a licensing API;

FIG. 4 is a flow diagram of a method by which a software productconsumes a right; and

FIG. 5 is a flow diagram of a method by which a software productretrieves information relating to a consumed right.

DETAILED DESCRIPTION OF THE INVENTION Overview

The use of commercial software is typically governed by a license, andit has become increasingly common for this license to be embodied in anelectronic form that can be enforced by the software itself. Onechallenge in creating an electronic licensing system is that aninfrastructure is needed to manage the use of the licenses. Replicatingthis infrastructure for every software product is cumbersome andwasteful. The present invention provides an API that allows differentsoftware products to use a common infrastructure that performs variouslicensing functions.

Exemplary Computing Arrangement

FIG. 1 shows an exemplary computing environment in which aspects of theinvention may be implemented. The computing system environment 100 isonly one example of a suitable computing environment and is not intendedto suggest any limitation as to the scope of use or functionality of theinvention. Neither should the computing environment 100 be interpretedas having any dependency or requirement relating to any one orcombination of components illustrated in the exemplary operatingenvironment 100.

The invention is operational with numerous other general purpose orspecial purpose computing system environments or configurations.Examples of well known computing systems, environments, and/orconfigurations that may be suitable for use with the invention include,but are not limited to, personal computers, server computers, hand-heldor laptop devices, multiprocessor systems, microprocessor-based systems,set top boxes, programmable consumer electronics, network PCs,minicomputers, mainframe computers, embedded systems, distributedcomputing environments that include any of the above systems or devices,and the like.

The invention may be described in the general context ofcomputer-executable instructions, such as program modules, beingexecuted by a computer. Generally, program modules include routines,programs, objects, components, data structures, etc. that performparticular tasks or implement particular abstract data types. Theinvention may also be practiced in distributed computing environmentswhere tasks are performed by remote processing devices that are linkedthrough a communications network or other data transmission medium. In adistributed computing environment, program modules and other data may belocated in both local and remote computer storage media including memorystorage devices.

With reference to FIG. 1, an exemplary system for implementing theinvention includes a general purpose computing device in the form of acomputer 110. Components of computer 110 may include, but are notlimited to, a processing unit 120, a system memory 130, and a system bus121 that couples various system components including the system memoryto the processing unit 120. The processing unit 120 may representmultiple logical processing units such as those supported on amulti-threaded processor. The system bus 121 may be any of several typesof bus structures including a memory bus or memory controller, aperipheral bus, and a local bus using any of a variety of busarchitectures. By way of example, and not limitation, such architecturesinclude Industry Standard Architecture (ISA) bus, Micro ChannelArchitecture (MCA) bus, Enhanced ISA (EISA) bus, Video ElectronicsStandards Association (VESA) local bus, and Peripheral ComponentInterconnect (PCI) bus (also known as Mezzanine bus). The system bus 121may also be implemented as a point-to-point connection, switchingfabric, or the like, among the communicating devices.

Computer 110 typically includes a variety of computer readable media.Computer readable media can be any available media that can be accessedby computer 110 and includes both volatile and nonvolatile media,removable and non-removable media. By way of example, and notlimitation, computer readable media may comprise computer storage mediaand communication media. Computer storage media includes both volatileand nonvolatile, removable and non-removable media implemented in anymethod or technology for storage of information such as computerreadable instructions, data structures, program modules or other data.Computer storage media includes, but is not limited to, RAM, ROM,EEPROM, flash memory or other memory technology, CDROM, digitalversatile disks (DVD) or other optical disk storage, magnetic cassettes,magnetic tape, magnetic disk storage or other magnetic storage devices,or any other medium which can be used to store the desired informationand which can accessed by computer 110. Communication media typicallyembodies computer readable instructions, data structures, programmodules or other data in a modulated data signal such as a carrier waveor other transport mechanism and includes any information deliverymedia. The term “modulated data signal” means a signal that has one ormore of its characteristics set or changed in such a manner as to encodeinformation in the signal. By way of example, and not limitation,communication media includes wired media such as a wired network ordirect-wired connection, and wireless media such as acoustic, RF,infrared and other wireless media. Combinations of any of the aboveshould also be included within the scope of computer readable media.

The system memory 130 includes computer storage media in the form ofvolatile and/or nonvolatile memory such as read only memory (ROM) 131and random access memory (RAM) 132. A basic input/output system 133(BIOS), containing the basic routines that help to transfer informationbetween elements within computer 110, such as during start-up, istypically stored in ROM 131. RAM 132 typically contains data and/orprogram modules that are immediately accessible to and/or presentlybeing operated on by processing unit 120. By way of example, and notlimitation, FIG. 1 illustrates operating system 134, applicationprograms 135, other program modules 136, and program data 137.

The computer 110 may also include other removable/non-removable,volatile/nonvolatile computer storage media. By way of example only,FIG. 1 illustrates a hard disk drive 140 that reads from or writes tonon-removable, nonvolatile magnetic media, a magnetic disk drive 151that reads from or writes to a removable, nonvolatile magnetic disk 152,and an optical disk drive 155 that reads from or writes to a removable,nonvolatile optical disk 156, such as a CD ROM or other optical media.Other removable/non-removable, volatile/nonvolatile computer storagemedia that can be used in the exemplary operating environment include,but are not limited to, magnetic tape cassettes, flash memory cards,digital versatile disks, digital video tape, solid state RAM, solidstate ROM, and the like. The hard disk drive 141 is typically connectedto the system bus 121 through a non-removable memory interface such asinterface 140, and magnetic disk drive 151 and optical disk drive 155are typically connected to the system bus 121 by a removable memoryinterface, such as interface 150.

The drives and their associated computer storage media discussed aboveand illustrated in FIG. 1, provide storage of computer readableinstructions, data structures, program modules and other data for thecomputer 110. In FIG. 1, for example, hard disk drive 141 is illustratedas storing operating system 144, application programs 145, other programmodules 146, and program data 147. Note that these components can eitherbe the same as or different from operating system 134, applicationprograms 135, other program modules 136, and program data 137. Operatingsystem 144, application programs 145, other program modules 146, andprogram data 147 are given different numbers here to illustrate that, ata minimum, they are different copies. A user may enter commands andinformation into the computer 20 through input devices such as akeyboard 162 and pointing device 161, commonly referred to as a mouse,trackball or touch pad. Other input devices (not shown) may include amicrophone, joystick, game pad, satellite dish, scanner, or the like.These and other input devices are often connected to the processing unit120 through a user input interface 160 that is coupled to the systembus, but may be connected by other interface and bus structures, such asa parallel port, game port or a universal serial bus (USB). A monitor191 or other type of display device is also connected to the system bus121 via an interface, such as a video interface 190. In addition to themonitor, computers may also include other peripheral output devices suchas speakers 197 and printer 196, which may be connected through anoutput peripheral interface 195

The computer 110 may operate in a networked environment using logicalconnections to one or more remote computers, such as a remote computer180. The remote computer 180 may be a personal computer, a server, arouter, a network PC, a peer device or other common network node, andtypically includes many or all of the elements described above relativeto the computer 110, although only a memory storage device 181 has beenillustrated in FIG. 1. The logical connections depicted in FIG. 1include a local area network (LAN) 171 and a wide area network (WAN)173, but may also include other networks. Such networking environmentsare commonplace in offices, enterprise-wide computer networks, intranetsand the Internet.

When used in a LAN networking environment, the computer 110 is connectedto the LAN 171 through a network interface or adapter 170. When used ina WAN networking environment, the computer 110 typically includes amodem 172 or other means for establishing communications over the WAN173, such as the Internet. The modem 172, which may be internal orexternal, may be connected to the system bus 121 via the user inputinterface 160, or other appropriate mechanism. In a networkedenvironment, program modules depicted relative to the computer 110, orportions thereof, may be stored in the remote memory storage device. Byway of example, and not limitation, FIG. 1 illustrates remoteapplication programs 185 as residing on memory device 181. It will beappreciated that the network connections shown are exemplary and othermeans of establishing a communications link between the computers may beused.

Software Licensing Service

FIG. 2 shows an example system that provides a software licensingservice 202. Software licensing service 202 operates inside of computer110 (shown in FIG. 1). In one example, software licensing service 202 ispart of an operating system that executes on computer 110. Softwarelicensing service maintains a license store 204 in which license filesfor software are stored. License files may, for example, be eXtensibleRights Markup Language (XrML) files that specify rights to software, andthat also may specify various types of conditions on the exercise ofthose rights. Software 204 also maintains a trust store 206. Trust store206 stores un-authenticatable, dynamic data in a tamper-resistantmanner; trust store 206 stores data that is used in the licensevalidation process. For example, certain licenses may have expirationdates, and, in order to prevent the expiration data from beingcircumvented through clock rollback, the current time (and elapsed time)may be periodically stored in trust store 206 to ensure that the clockis always moving forward.

Software licensing service 202 manages license store 204 and trust store206, and also performs various functions relating to the licensing ofsoftware. For example, software licensing service 202 may containmodules that parse license files, modules that enforce the binding of alicense to a particular machine and/or to a particular instance of asoftware product, and a secure timer/counter (that uses trust store 206in the manner described above).

Software licensing service 202 exposes an application programminginterface (API) 208 that allows application software (such asapplication 135) to use software licensing service 202. Application 135may invoke the features of software licensing service 208 by makinglocal procedure call (LPC) to the methods of API 208. An example set ofAPI methods that may be exposed by software licensing service 202 isdescribed below.

The manner in which API 208 is used by an application is described withreference to FIG. 3. Initially, the application makes an API call (302).Service 202 then processes the API call (304), and returns the result ofthe API call to the application 306. For example, an API call mayrequest to exercise (“consume”) a right granted in a license, or toretrieve information from a license. The application then receives theresult of the API call, and determines, based on that result, what theapplication's behavior should be (308). In other words, softwarelicensing service 202, in a preferred embodiment, does not enforce alicense directly, but rather provides the infrastructure through whichlicenses can be managed and used. For example, if an application makesan API call to consume a right and service 202 determines that there isno valid license granting this right, service 202, in a preferredembodiment, does not prevent the application from running, but insteadinforms the application that the right is not available. Thus, theapplication can use its own mechanisms to determine what to do inresponse to the unavailability of the right. This facet of the APIprovides software vendors the flexibility to decide how the licensinginfrastructure provided by service 202 should be used. In anotherimplementation, application can be bound to licensing servicefunctionality.

Example Software Licensing API

The following is an example set of API methods that may be exposed by asoftware licensing service:

SLOpen

The SLOpen function opens a SL client context handle that must be usedfor all subsequent SL API calls. (Throughout the example APIdescriptions, “SL” shall refer to the software licensing service. Thus,the SL client context handle is the handle used by a client incommunicating with the software licensing service.)

  HRESULT SLOpen(  CONST GUID*   pguidApp,  HSLC*   phSLC  );

Parameters

pguidApp

[in] Pointer to application GUID that uniquely identifies anapplication. If this argument is NULL, an E_INVALIDARG error isreturned.

phSLC

[out] SL client context Handle or INVALID_HANDLE_VALUE if failed.

Remarks

Use the SLClose function to close an context handle returned by SLOpen.

Application GUID: Unique ID of application. For the WINDOWS version ofthe MICROSOFT OFFICE application suite, WinWord has an Application GUIDwhich is different from Excel's Application GUID. For Windows, Windowsitself is an application, although it is a composite of many programs.

In Office case, A user can install both Office Suite and WinWordstandalone products on the machine. From SL point of view, the WinWordin both products has same Application GUID. WinWord's Application GUIDassociated to two Product GUID. In other words, WinWord can use eitherOffice Suite's product license or WinWord's product license.

When SLOpen succeeds:

A RPC (remote procedure call) binding has been established.

A context memory is created on SL service. The context is used to keepthe status information for the caller of the client.

The SLC handle is like a file handle. A process can open multiple SLcontext handles but handles are valid within the caller process.

Returns

Success or failure

SLClose

The SLClose function closes an opened SL client context handle. Anyinformation in the context is released automatically.

  HRESULT SLClose(  HSLC   hSLC );

Parameters

hSLC

[in] Handle to current SL client context handle

Remarks

When SLClose is done, the RPC binding is released, and the context isdestroyed.

Returns

Success or failure.

SLInstall

The SLInstall function installs applications' licenses and registersapplications' information.

HRESULT SLInstall( HSLC hSLC, CONST SL_PRODKEY* pAppPrdKey, DWORDdwNumOfApps, CONST GUID* pguidApps, DWORD dwNumOfLicFiles, PCWSTRppszLicFiles[ ], BOOL bVerify );

Parameters

hSLC

[in] Handle to current SL client context handle

pAppPrdKey

[in] Application product key structure. The product key can be Microsoftproduct key format or Application's product key format.

 typedef struct_tagSL_PRODKEY  {   DWORD cb Size; // Size of SL_PRODKEYstructure   DWORD dwVersion; // Version of SL_PRODKEY structure   WCHARszProdKey[MAX_PRODKEYSTR_SIZE+1];   SL_PRODKEY_TYPE eProdKeyType; //Type of Product key   SL_CUSTOM_PRODKEY_INFO CustomPrdKeyInfo; //Customer product key info  } SL_PRODKEY;

The eProdKeyType can be one of following values:

  SL_PRODKEY_CUSTOM SL_PRODKEY_MS2002 SL_PRODKEY_MS2003

If the Product Key type is non-MS Product Key (i.e.eProdKeyType==SL_PRODKEY_CUSTOM), the caller has to fill in its customproduct key information. If the product uses MS Product Key, thenCustomPrdKeyInfo can be ignored.

 typedef struct_tagSL_CUSTOM_PRODKEY_INFO   DWORD dwSKUID; // Unique IDfor specific SKU, for example Group ID in MS PID.   DWORDdwSerialNumber; // unique serial number, e.g. channel + sequence numberin MS PID.  } SL_CUSTOM_PRODKEY_INFO;

Current version number of SL_PRODKEY is 1. The caller can useSL_CURRENT_PRODKEY_VERSION in dwVersion field.

dwNumOfApps

[in] The number of application GUID in pguidApps.

pguidApps

[in] A list of application of GUID. The application GUID represents theapplication that the license is being installed for. For example, OfficeSetup program can call this function to install the license(s) for Word,Excel by specifying each application GUID in pguidApps. pguidApp cannotbe NULL here.

dwNumOfApps

[in] The number of license files.

ppszLicFile

[in] File names in array of strings.

Returns

Success or failure

SLUninstall

The SLUninstall function uninstalls a product's license from anapplication.

HRESULT SLUninstall (  HSLC hSLC,  CONST SL_PRODKEY* pAppPrdKey );

Parameters

hSLC

[in] Handle to current SL client context handle

pAppPrdKey

[in] See above definition in connection with SLInstall.

Remarks

An application could have more than one product licenses. For example,when the user uninstalls Office suite, the association between OfficeSuite license and WinWord should be removed, but the license fromWinWord Standalone product should not be removed.

When SLUninstall succeeds:

The information associated with this Product Key is removed. (seeSLInstall, above, for the associated information)

The product keys associated with the Application GUID is removed.

The license files associated with the product GUID are preferably stillkept.

Returns

Success or failure

SLConsumeRight

The SLConsumeRight function lets an application to examine or exercisethe rights on a locally-stored license. Calling this function binds alicense to the right mentioned in pszRightName. If this right cannot beexercised by the current caller, then the application fails. If thefunction succeeds, the action associated with the right can be executed(like decreasing usage count, decreasing time quota, or nothing)

HRESULT SLConsumeRight(  HSLC hSLC,  PCWSTR pszRightName, SL_ASYNC_CONTEXT* pAsyncContext };

Parameters

hSLC

[in] Handle to current SL client context handle

pszRightName

[in] The name of right needs to be evaluated. In current design, theright name is defined by applications. SL opens the license andevaluates the condition based on the right name.

pAsyncContext

[in/out] If pAsyncContext is NULL, this function works in synchronousmode, otherwise, the function works in asynchronous mode.SL_ASYNC_CONTEXT is opaque to caller and managed by SLC.

Remarks

All licenses associated with the application GUID (specified in SLOpen)will be conceptually combined in one logic license.

If their are multiple consumable grants of the right, then the licensewith higher priority will be consumed first.

Returns

Success or failure

SLInitializeAsyncContext

The SLInitializeAsyncContext function initializes the asynchronouscontext for SLC functions to make asynchronous call.

HRESULT SLInitializeAsyncContext(  SL_ASYNC_CONTEXT*pAsyncContext, //asynchronous context  HANDLE hEvent, // event handle  PVOID pvReserved// reserved, NULL };

Parameters

pAsyncContext

[in/out] pointer to asynchronous context that contains asynchronous callinformation.

hEvent

[in] The event object used for synchronization.

pvReserved

[in] reserved for extension.

Returns

Success or failure.

SLCancelAsyncCall

The SLCancelAsyncCall function is used to cancel an asynchronous call.

HRESULT SLCancelAsyncCall(  SL_ASYNC_CONTEXT* pAsyncContext, //asynchronous context  BOOL fAbortCall // cancel immediately };

Parameters

pAsyncContext

[in] asynchronous context for SL asynchronous call.

fAbortCall

[in] If TRUE, the call is cancelled immediately. If FALSE, wait for theSL to complete the call.

Remarks

There are two ways for the caller to request cancellation of anasynchronous call—abortive and nonabortive. In an abortive cancel(fAbortCall is TRUE), the SLCancelAsyncCall function sends a cancelnotification to the SLC and the asynchronous call is canceledimmediately, without waiting for a response from the SLC. In anonabortive cancel (fAbortCall is FALSE) the SLCancelAsyncCall functionnotifies SLC of the cancel and the caller waits for SLC to complete thecall.

Returns

Success or failure.

SLCompleteAsyncCall

The SLCompleteAsyncCall function is used to complete an SLC asynchronouscall.

 HRESULT SLCompleteAsyncCall(   SL_ASYNC_CONTEXT* pAsyncContext, //asynchronous context   HRESULT* phrAsyncCall // error code of thesubmitted asynchronous call  };

Parameters

pAsyncContext

[in] asynchronous context for SL asynchronous call.

phrAsyncCall

[out] the error code of the submitted asynchronous call.

Remarks

If the caller calls this function before the reply has arrived, the callreturns E_SLC_ASYNC_CALL_PENDING. The buffer must be valid and it mustbe big enough to receive the return value. If the call does not returnE_SLC_ASYNC_CALL_PENDING, this SLCompleteAsyncCall invocation is finalfor the asynchronous call. After this function call, regardless ofsuccess or failure, all resources allocated for this asynchronous callare freed. (Subsequent calls to the SLCompleteAsyncCall orSLCancelAsyncCall functions have undefined results until a new call onthe SL_ASYNC_CONTEXT structure is initiated).

Returns

Value Meaning S_OK The call was completed successfully.E_SLC_INVALID_ASYNC_CONTEXT The asynchronous call context is not valid.E_SLC_ASYNC_CALL_PENDING The call has not yet completed.E_SLC_CALL_CANCELLED The call was cancelled.

SLGetInformation

The SLGetLicenseInfo function is used to get a variety of information.

HRESULT SLGetInfomation(  HSLC hSLC, // SL client context handle  DWORDdwCategory, // The category of information to retrieve  PCWSTRpszKeyName, // Name of the Key  DWORD* pdwType, // Type of value SIZE_T* pcbValue, // Size of value  PBYTE* ppbValue // Pointer tobuffer of value );

Parameters

hSLC

[in] Handle to current SL client context handle

dwCategory

[in] The category of information.

Category Meaning SL_CAT_RIGHTDATA Get the information from bound right.The license has to be consumed successfully before getting these rightdata. SL_CAT_DYNAMICPROPERTY Get the information that is not in thelicense but calculating in the run-time. For example,RemainingGracePeriodDays. The right has to be consumed before calling.Name Meaning RemainingGracePeriod The grace period is defined inDays:DWORD out-of-box license. Once the application is installed, thetime is counting down. Applications can check remaining grace periodafter they have consumed license. ActivationStatus: After applicationsconsumed DWORD license, it can get consumed license type. The returnvalue could be: SL_LIC_OOB The consumed license is out- of-box license.SL_LIC_ACQUIRED The consumed license is acquired license. SL_LIC_NONE Nolicense is available. SL_CAT_SERVICEINFO Get the information that is notdependent on license. The caller can get this category of informationwithout consuming license. Name Meaning SLVersion: The version of SL.1.2.3.4 DWORD format. HWID:BINARY Current HWID SL_CAT_WINDOWSINFO Getinformation that is bound right property in Windows license. This is forComponentization. Windows License has been consumed by SL service and SLservice keeps the bound right properties. SL_CAT_ENUMLICINFO WhenSLEnumLicenseis called and is succeed, the caller can query theinformation of enumerated license by using this category.

pszKeyName

[in] the name of the key. E.g. BuildNumber

pdwType

[out] type of data

Value Meaning SL_DATATYPE_SZ Unicode string SL_DATATYPE_DWORD DWORDSL_DATATYPE_BINARY Binary

pcbValue

[out] Size of the buffer allocated (in bytes).

ppbValue

[out] If successful, the data is returned in the buffer allocated bySLC. The caller has to call SLFreeMemory to free the memory.

Returns

Success or failure

SLAcquireLicense

The SLAcquireLicense function is used to acquire on-line license for theuser. SLC enumerates the product keys associated with the Applicationand picks up the product key with highest product priority (seeSLInstall, registration information). Then SL gets the clearing houseURL from out-of-box license and connects to clearing house to get alicense.

SLAcquireLicense could be a lengthy process. Applications can call thisfunction in asynchronous mode by specifying pAsyncContext (NULL meanssynchronous mode).

HRESULT SLAcquireLicense(  HSLC hSLC, // SL client context handle PCWSTR pszProdKeyHash, // hash of product key  PCWSTRpszPublishLicense, // string of publishing license.  SL_ASYNC_CONTEXT*pAsyncContext );

Parameters

hSLC

[in] Handle to current SL client context handle

pszProdKeyHash

[in] string of product key hash. The product key hash is created whenSLInstall is called and is maintained by the licensing service.

pszPublishingLicense

[in] string of publishing license.

pAsyncContext

[in] asynchronous context for SL asynchronous call.

Remarks

The acquired license will be stored in license store accordingly and thelicense information will be registered, too. (see SLInstall)

Applications might need to add more client information to license. Theapplication can put the information to pbAppData in the call and thisdata will be sent to clearing house.

When this function succeeds:

It sent necessary binding information to the specified license server.

It receives the license from license server.

It stored the license in license store. See description of SLInstall,above, for how the license file is stored.

Returns

Success or failure.

SLGenerateTextChallenge

Generates and installation challenge text to be routed to a licenseissuer in an out of band fashion (telephone, email, file share, etc).

HRESULT SLGenerateTextChallenge(  HSLC hSLC, // SL client context handle PCWSTR pszProdKeyHash, // string of product key hash  BOOLfSingleSession, // Single session only?  PWSTR *ppszChallenge // Pointerto buffer to hold challenge text );

Parameters

hSLC

[in] Handle to current SL client context handle

pszProdKeyHash

[in] String of product key hash. The product key hash is created whenSLInstall is called and maintained by the licensing service.

bSingleSession

[in] Specifies whether or not the corresponding text response from thelicense issue will be valid only for the lifetime of this SLC sessionhandle.

ppszChallenge

[out] If successful, the text challenge is returned in the bufferallocated by SLC. The caller needs to call SLFreeMemory to free theallocated memory.

Returns

Success or failure.

SLDepositTextResponse

Deposits the response to an installation challenge text in the licensingsystem. Used to activate a license with a conditional access code. Onlyvalid if there is an outstanding text challenge which has been issuedfor a license. If the original license specified that the challenge wasonly valid for a single session, this API must be called with theresponse before the SLC handle is closed or depositing the response willfail.

HRESULT SLDepositTextResponse(  HSLC hSLC, // SL client context handle PCWSTR pszProdKeyHash,  PWSTR pszResponse // Buffer containing responsetext );

Parameters

hSLC

[in] Handle to current SL client context handle

pszProdKeyHash

string of the product key hash

pszChallenge

[in] Response text

Returns

Success or failure.

SLEnumLicense

The SLEnumLicensefunction is used to enumerate installed licenses andget information from the license.

HRESULT SLEnumLicense(  HSLC hSLC, // SL client context handle  CONSTGUID* pguidApp, // application GUID  DWORD dwIndex // index number );

Parameters

hSLC

[in] Handle to current SL client context handle

pguidApp

[in] See SLInstall. If pguidApp is not NULL, then licenses associatedwith this GUID are enumerated. If the GUID is NULL, then all licensesare enumerated.

dwIndex

[in] The index number of the license to be retrieved. This value shouldbe zero for the first call to the SLEnumLicense function and thenincremented for subsequent calls.

The function may return licenses in any order.

Returns

E_SL_NO_MORE_DATA—No license at the specified index.

Remarks

If SLEnumLicenses succeeded, the selected license information can beaccessed by calling SLGetInformation and the category isSL_CAT_ENUMLICINFO

Sample:

  DWORD i=0; PBYTE pbProductPriority = NULL; PBYTEpbRemainingGracePeriodDays = NULL; for (i=0; ; i++) { EXIT_ON_ERROR(SLEnumLicense(hSLC, NULL, dwIndex)); if(E_SL_NO_MORE_DATA == SCODE(hr)) {  hr = S_OK;  break; }

EXIT_ON_ERROR(SLGetInformation(hSLC, SL_CAT_ENUMLIC, “ProductPriority”,&dwType, &cbProductPriority, &pbProductPriority));

EXIT_ON_ERROR(SLGetInformation(hSLC, SL_CAT_ENUMLIC,“RemainingGracePeriodDays”, &dwType, &cbRemainingGracePeriodDays,&pbRemainingGracePeriodDays));

Exit:

   SLFreeMemory(pbProductPriority); SLFreeMemory(pbRemainingGracePeriodDays); }

SLFreeMemory

The SLFreeMemory function is used to free the memory allocated by SLC.

VOID SLFreeMemory(  PVOID pvMemblock, // pointer to memory );

Parameters

pvMemBlock

[in] Previously allocated memory block to be freed

Returns

None

Use of Software Licensing API to Control Use of Software

A software product uses the API of the present invention for variouspurposes related to licensing, including the consumption of rights in alicense, and the retrieval of data from the license. As noted above, theAPI allows the software to determine what rights are present in thelicense, but, preferably, it is up to the software to determine what todo with that information—e.g., grant or deny access to a feature, ceaseoperation altogether, etc. The following description of FIGS. 4 and 5show how the API of the present invention is used by a software product.

FIG. 4 shows an example process by which an application “consumes” aright. The application calls the SLConsumeRight method (402). Asdiscussed above, the arguments to the SLConsumeRight function includethe client handle assigned by the licensing service, and the name of theright (which is assigned by the vendor of the software to which theright pertains). The licensing service (service 202, shown in FIG. 2)receives the call (404). The service then locates licenses that containsthe right, and checks the licenses bindings and validity. As notedabove, the license is located in the license store; if there is morethan one license that pertains to the application software to which theSLConsumeRight call pertains, then a priority rule may be used to selectone of the applicable licenses. Checking the binding means determiningthat: (1) the license is bound to the product key of the applicationidentified by the client handle; and (2) the license is bound to themachine on which the software is running (or to the group of machines ofwhich the current machine is a member). Checking validity may includedetermining that the right has not expired (in the case of licenses thatspecify an expiration date), and that the maximum number of uses of theright is not exceeded (in the case where the license specifies a maximumnumber of times that the right may be used (i.e., “consumed”)).

If the license and/or right are found to be correctly bound and valid(408), then the license is bound to the right requested in the API call(412). (It should be noted that “binding” a license to a machine,environment, and a product key means that the license specifies whichmachine(s) and product key it can be used with; “binding” a license to aright means that the consume function has been successful, and the rightis being consumed from a particular license. Throughout thisdescription, it will be clear from context which meaning of “binding”applies.) The API call then returns to the calling application andindicates that the call was successful (414). If the license and/orright has been found to be invalid, or not correctly bound to themachine, environment, or product ID, then the SLConsumeRight callreturns to the calling application and indicates that the operationfailed (410).

If the SLConsumeRight call returns with a failure, then the rightspecified in the call cannot be consumed from a license, and noinformation about that right will be available to the callingapplication. However, if the right is successfully consumed, then theapplication can use the binding of the right to the license to getinformation from the license about the right. For example, a license maycontain a general right called “run,” which indicates that theapplication may be run. However, for the “run” right, the license maycontain more specific parameters about the usage of theapplication—e.g., the license may specify whether particular features ofan application (e.g., print, edit, save, etc.) should be turned on oroff, and may give specific parameters for the use of these features(e.g., the document can be saved only on machines that are running in aparticular domain, or the print feature can only be used for thirtydays, etc.). The SL API does not require any particular type ofinformation to be associated with a right, but rather provides amechanism whereby an application vendor can associate any type ofinformation with a right, which can then be retrieved and interpreted bythe application.

Assuming that a right has been successfully consumed as described inFIG. 4, the application may then retrieve the information associatedwith the right. The process of retrieving this information is describedin FIG. 5.

First, the application calls the SLGetInformation method on the boundright (502). The various types of information that can be retrieved aredescribed above in connection with the description of theSLGetInformation method. The licensing service then receives the call(504). The service retrieves the requested information from the licensefile that contains the bound right (506). The licensing service thenplaces this information in a buffer (508), and returns to the callingapplication (510). The calling application then reads the contents ofthe buffer, and performs whatever actions it deems necessary based onthe retrieved information.

It should be noted that the licensing service may not be aware of themeaning of the information that it is handling as part of anSLGetInformation call. As discussed above, the licensing frameworkprovides a mechanism whereby a software vendor can create rights, andcan associate information with the rights. The invention is not limitedeither to any particular type of information that can be associated withthe right. When the information is retrieved from the license, it issimply passed by the licensing service to the application in a buffer.The application then interprets the retrieved information, decides whatactions to be taken based on that information, and uses its own securityfeatures to enforce the application's decision. (E.g., if, based on theretrieved information, the application decides to disable the printfeature, the application contains the code that actually disables thisfeatures and, possibly, code that prevents a hacker from tampering withthe disabling of the print feature.)

It is noted that the foregoing examples have been provided merely forthe purpose of explanation and are in no way to be construed as limitingof the present invention. While the invention has been described withreference to various embodiments, it is understood that the words whichhave been used herein are words of description and illustration, ratherthan words of limitations. Further, although the invention has beendescribed herein with reference to particular means, materials andembodiments, the invention is not intended to be limited to theparticulars disclosed herein; rather, the invention extends to allfunctionally equivalent structures, methods and uses, such as are withinthe scope of the appended claims. Those skilled in the art, having thebenefit of the teachings of this specification, may effect numerousmodifications thereto and changes may be made without departing from thescope and spirit of the invention in its aspects.

1-20. (canceled)
 21. An apparatus comprising: at least one computerprocessor; a license store that stores license files for differentsoftware products, said license files including licenses to thedifferent software products specifying rights and conditions on theexercise of said rights; and memory coupled to the at least one computerprocessor, the memory comprising executable instructions that, based onexecution by the at least one computer processor, cause the at least onecomputer processor to automatically: expose an application programminginterface that provides access by application programs to licenseinformation associated with the different software products in saidlicense files in said license store; receive from an application programvia said application programming interface a request comprising anindication of a software product and a request to exercise a rightgranted in a license to the software product in said license files;check whether the license for the indicated software product is valid;based at least on the license for the indicated software product beingvalid, obtaining from said license store rights and conditions of theexercise of said rights granted in the license for the software productindicated in the request; and provide, based at least on receiving therequest via said application programming interface, the rights andconditions of the exercise of said rights granted in the license for thesoftware product indicated in the request to the application programwithout implementing any mechanism for granting or denying the rightsgranted in the license for the software product, wherein theinstructions for checking whether the license for the indicated softwareproduct is valid further comprises instructions for determining that thelicense for the indicated software product is bound to the softwareproduct by determining whether the rights granted in the license for thesoftware product indicated in the request can be exercised based onwhether the rights are bound to an entity for which execution of theapplication program was requested, wherein the instructions furthercomprise instructions for establishing a context for asynchronousprocessing and processing the request from the application program,asynchronously, in accordance with the established context, and whereinthe executable instructions are executed by an operating system.
 22. Theapparatus of claim 21, further comprising a trust store that stores dataused in a license validation process in a tamper-resistant manner. 23.The apparatus of claim 21, wherein the instructions for checking thatthe license for the indicated software product is valid includesinstructions for determining, via a conflict rule, which license toobtain from a plurality of licenses indicated by said license files thatare stored in the license store for the software product, the pluralityof licenses including the license to the software product.
 24. Theapparatus of claim 21, wherein the rights and conditions of the exerciseof said rights granted in the license for the software product indicatedin the request comprise an indication of a validity of the rightsgranted in the license for the software product.
 25. The apparatus ofclaim 21, wherein the instructions for obtaining said license storerights and conditions of the exercise of said rights includesinstructions for determining whether the license for the indicatedsoftware product is valid and bound to the software product, and forobtaining said license store rights and conditions of the exercise ofsaid rights granted in the license for the software product indicated inthe request when said license store rights and conditions of theexercise of said rights granted in the license for the software productindicated in the request is valid and bound to the software product. 26.The apparatus of claim 21, wherein instructions for providing the rightsand conditions of the exercise of said rights includes instructions forproviding the rights and conditions of the exercise of said rightsgranted in the license for the software product indicated in the requestor the information from the license to the software product indicated inthe request to the application software without implementing anymechanism for granting or denying the rights granted in the license forthe software product.
 27. A method comprising: exposing an applicationprogramming interface that provides access by application programs tolicense information in a license store storing license files fordifferent software products, said license files including licenses tothe different software products specifying rights and conditions on theexercise of said rights; receiving from an application program via saidapplication programming interface a request comprising an indication ofa software product having a license file in the license store and arequest to exercise a right granted in a license to the software productin said license files; checking whether the license for the indicatedsoftware product is valid; based at least on the license for theindicated software product being valid, obtaining from said licensestore rights and conditions of the exercise of said rights granted inthe license for the software product indicated in the request;providing, based at least on receiving the request via said applicationprogramming interface, the rights and conditions of the exercise of saidrights granted in the license for the software product indicated in therequest to the application program without implementing any mechanismfor granting or denying the rights granted in the license for thesoftware product, wherein checking whether the license for the indicatedsoftware product is valid further comprises determining that the licensefor the indicated software product is bound to the software product bydetermining whether the rights granted in the license for the softwareproduct indicated in the request can be exercised; establishing acontext for asynchronous processing; and processing the request from theapplication program, asynchronously, in accordance with the establishedcontext, wherein the method is executed by an operating system.
 28. Themethod of claim 27, further comprising storing data used in a licensevalidation process in a trust store in tamper-resistant manner.
 29. Themethod of claim 27, wherein checking that the license for the indicatedsoftware product is valid includes determining, via a conflict rule,which license to obtain from a plurality of licenses in said licensefiles that are stored in the license store for the software product, theplurality of licenses including the license to the software product. 30.The method of claim 27, wherein the rights and conditions of theexercise of said rights granted in the license for the software productindicated in the request comprise an indication of a validity of therights granted in the license for the software product.
 31. The methodof claim 27, wherein the license files further specify at least onecondition on the exercise of the right granted in the license.
 32. Themethod of claim 27, wherein the obtaining rights and conditions of theexercise of said rights further comprises determining whether thelicense for the indicated software product is valid and bound to thesoftware product, and obtaining rights and conditions of the exercise ofsaid rights granted in the license for the software product indicated inthe request when rights and conditions of the exercise of said rightsgranted in the license for the software product indicated in the requestis valid and bound to the software product.
 33. A computer-readablememory device comprising executable instructions that, based onexecution by at least one computer processor, cause the at least onecomputer processor to: expose an application programming interface thatallows application programs to request license information contained ina license store storing license files for different software products,said license files including licenses to the different software productsspecifying at least one right; receive from an application program atleast via said application programming interface a request comprising anindication of a software product having a license file in the licensestore and a request to exercise a right granted in a license to thesoftware product in said license files; check whether the license forthe indicated software product is valid; based at least on the licensefor the indicated software product being valid, obtain from said licensestore the at least one right granted in the license for the softwareproduct indicated in the request; provide, based at least on receivingthe request via said application programming interface, the at least oneright granted in the license for the software product indicated in therequest to the application program without implementing any mechanismfor granting or denying the rights granted in the license for thesoftware product, wherein checking whether the license for the indicatedsoftware product is valid further comprises determining that the licensefor the indicated software product is bound to the software product bydetermining whether the rights granted in the license for the softwareproduct indicated in the request can be exercised based on whether therights are bound to an entity associated with the received request;establishing a context for asynchronous processing; and processing therequest from the application program, asynchronously, in accordance withthe established context, wherein the instructions are executed by anoperating system.
 34. The memory device of claim 33, further comprisinginstructions for storing data used in a license validation process in atrust store in tamper-resistant manner.
 35. The memory device of claim33, wherein instructions for checking that the license for the indicatedsoftware product is valid includes instructions for determining, via aconflict rule, which license to obtain from a plurality of licenses insaid license files that are stored in the license store for the softwareproduct, the plurality of licenses including the license to the softwareproduct.
 36. The memory device of claim 33, wherein instructions tocheck whether the license for the indicated software product is validcomprises instructions that further cause the at least one processor todetermine whether the rights granted in the license for the softwareproduct indicated in the request can be exercised based on whetherrights are bound to a class of machines of which a machine executing theapplication program from which the request was received is a member. 37.The memory device of claim 33, wherein the license files further specifyat least one condition on the exercise of said at least one right. 38.The memory device of claim 33, wherein the check further compriseschecking whether the license for the indicated software product is boundto the software product.
 39. The memory device of claim 33, wherein theobtaining the at least one right further comprises determining whetherthe license for the indicated software product is valid and bound to thesoftware product, and obtaining the at least one right and conditions ofthe exercise of said at least one right granted in the license for thesoftware product indicated in the request when the at least one rightand conditions of the exercise of said at least one right granted in thelicense for the software product indicated in the request is valid andbound to the software product.
 40. The memory device of claim 39,wherein providing the at least one right based at least on receiving therequest, further comprises providing the at least one right and theconditions of the exercise of said at least one right granted in thelicense for the software product indicated in the request or theinformation from the license to the software product indicated in therequest to the application software without implementing any mechanismfor granting or denying the rights granted in the license for thesoftware product.